Vulnerability Details : CVE-2007-5020
Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted PDF file, related to the mailto: option and Internet Explorer 7 on Windows XP. NOTE: this information is based upon a vague pre-advisory by a reliable researcher.
Vulnerability category: Execute code
Products affected by CVE-2007-5020
- cpe:2.3:a:adobe:acrobat_reader:8.1:*:windows:*:*:*:*:*
- cpe:2.3:a:adobe:acrobat:8.1:*:windows:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-5020
24.44%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-5020
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2007-5020
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2007-5020
-
Red Hat 2007-10-08According to Abobe this issue affects only the Windows platform and therefore does not affect Adobe Acrobat Reader as distributed with Red Hat Enterprise Linux Extras. http://www.adobe.com/support/security/advisories/apsa07-04.html
References for CVE-2007-5020
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/36722
-
http://www.adobe.com/support/security/advisories/apsa07-04.html
-
http://www.securityfocus.com/archive/1/480080/100/0/threaded
-
http://www.gnucitizen.org/blog/0day-pdf-pwns-windows
-
http://www.securityfocus.com/bid/25748
-
http://www.vupen.com/english/advisories/2007/3392
Vendor Advisory
-
http://www.us-cert.gov/cas/techalerts/TA07-297B.html
US Government Resource
-
http://www.securitytracker.com/id?1018723
Jump to